Your GDPR risks


If you fail to comply with the GDPR, your business can risk:

  • business disruption (especially during any ICO or other regulatory investigation)
  • lasting damage to your customer relationships
  • lasting damage to your reputation
  • prosecution
  • fines and penalties.

What are the penalties for a personal data breach?

If you fail to comply with the GDPR, and experience a personal data breach, you could face fines of up to £20 million or 4% of your global turnover – plus a criminal record and/or custodial sentence.

If you fail to notify the ICO that you’re processing personal data, that’s a criminal offence carrying a fine of up to £5,000.

The number of fines levied, and their value, increases year on year. The ICO takes data security breaches very seriously.

“What if we don’t get found out?”

You can’t just hope that no one discovers your data breach. Under the GDPR, you’re required to notify the ICO of any personal data breach which is ‘likely to result in a high risk of adversely affecting individual rights and freedoms’ – and to do so within 72 hours. You can be fined up to £250,000 just for not reporting a data breach.

It’s not just the ICO

Depending on your sector, you could be open to fines from other regulatory bodies, too. The FCA, for example, can impose unlimited fines – and they could revoke your licence.

It’s not just your own compliance!

You should be concerned not only about your own compliance with the GDPR but also any of your partners to whom you may pass personal data in the course of your business. In many cases, you will be legally responsible for how they handle and protect this data.

It’s not worth the risk

The cost of being found in breach of data protection law is significantly higher than the cost of bringing in the expertise of a firm like Data Protection Consultancy. So why risk it?

We offer expert data protection help and advice, audits, policies, training and other consultancy services. We can help your organisation to stay on the right side of the law – and breathe a sigh of relief.

Example breaches

In 2018, a personal finance brand was fined £16.4 million by the FSA for failing to prevent a cyber attack.

In 2018, the ICO fined Facebook £500,000 for its role in the Cambridge Analytica scandal.

A building society was fined £980,000 by the FSA for the loss of a laptop which contained confidential customer data.

The ICO fined a firm £250,000 for making nuisance marketing calls relating to personal injury claims.

Charities have been fined up to £250,000.

Read more about the ICO’s biggest fines and recent FSA fines.